/**
 * 权限管理相关类型定义
 */

// 权限基本信息
export interface Permission {
  name: string
  displayName?: string
  description?: string
  parentName?: string
  isGranted: boolean
  providerName?: string
  providerKey?: string
  level: number
  children?: Permission[]
}

// 权限组
export interface PermissionGroup {
  name: string
  displayName: string
  description?: string
  permissions: Permission[]
}

// 角色基本信息
export interface Role {
  id: string
  name: string
  displayName?: string
  description?: string
  isDefault: boolean
  isPublic: boolean
  isStatic: boolean
  concurrencyStamp: string
  creationTime: string
  lastModificationTime?: string
  creatorId?: string
  lastModifierId?: string
  tenantId?: string
}

// 角色创建请求
export interface CreateRoleRequest {
  name: string
  displayName?: string
  description?: string
  isStatic?: boolean
  isPublic?: boolean
  permissions?: string[]
}

// 角色更新请求
export interface UpdateRoleRequest {
  name: string
  displayName?: string
  description?: string
  isStatic: boolean
  isPublic: boolean
  concurrencyStamp: string
}

// 角色查询参数
export interface RoleQueryParams {
  filter?: string
  isStatic?: boolean
  isPublic?: boolean
  isDefault?: boolean
  tenantId?: string
  sorting?: string
  skipCount?: number
  maxResultCount?: number
  includeDetails?: boolean
}

// 角色查询结果
export interface RoleQueryResult {
  items: Role[]
  totalCount: number
}

// 权限定义
export interface PermissionDefinition {
  name: string
  displayName?: string
  description?: string
  isEnabled: boolean
  multiTenancySide: 'Host' | 'Tenant' | 'Both'
  providers?: string[]
  parentName?: string
  children?: PermissionDefinition[]
}

// 权限提供者
export interface PermissionProvider {
  name: string
  displayName: string
  description?: string
  isEnabled: boolean
}

// 权限验证请求
export interface PermissionCheckRequest {
  permissions: string[]
  userId?: string
  tenantId?: string
}

// 权限验证结果
export interface PermissionCheckResult {
  result: {
    [permissionName: string]: boolean
  }
}

// 用户权限分配
export interface UserPermissionAssignment {
  userId: string
  permissionName: string
  isGranted: boolean
  providerName?: string
  providerKey?: string
}

// 角色权限分配
export interface RolePermissionAssignment {
  roleId: string
  permissionName: string
  isGranted: boolean
  providerName?: string
  providerKey?: string
}

// 权限策略
export interface PermissionPolicy {
  name: string
  displayName: string
  description?: string
  isEnabled: boolean
  conditions: PermissionPolicyCondition[]
  actions: PermissionPolicyAction[]
}

// 权限策略条件
export interface PermissionPolicyCondition {
  type: 'UserClaim' | 'Role' | 'Tenant' | 'Custom'
  operator: 'Equals' | 'NotEquals' | 'Contains' | 'NotContains' | 'In' | 'NotIn' | 'GreaterThan' | 'LessThan'
  property: string
  value: any
  valueType: 'String' | 'Number' | 'Boolean' | 'Array'
}

// 权限策略动作
export interface PermissionPolicyAction {
  type: 'Grant' | 'Deny' | 'Delegate'
  permissionName: string
  conditions?: string[]
}

// 动态权限
export interface DynamicPermission {
  id: string
  name: string
  displayName: string
  description?: string
  isEnabled: boolean
  isDynamic: boolean
  definition: string
  parameters?: Record<string, any>
  providerName?: string
  providerKey?: string
  creationTime: string
  lastModificationTime?: string
}

// 权限模板
export interface PermissionTemplate {
  id: string
  name: string
  displayName: string
  description?: string
  isDefault: boolean
  isSystem: boolean
  permissions: string[]
  roles?: string[]
  tenantId?: string
  creationTime: string
}

// 权限审计日志
export interface PermissionAuditLog {
  id: string
  userId: string
  userName: string
  tenantId?: string
  tenantName?: string
  permissionName: string
  operation: 'Granted' | 'Revoked' | 'Checked'
  operationTime: string
  ipAddress: string
  userAgent: string
  isGranted: boolean
  details?: string
  context?: Record<string, any>
}

// 权限使用统计
export interface PermissionUsageStatistics {
  permissionName: string
  displayName?: string
  checkCount: number
  grantCount: number
  revokeCount: number
  lastUsedTime?: string
  userUsageCount: number
  roleUsageCount: number
}

// 权限依赖关系
export interface PermissionDependency {
  parentPermission: string
  childPermission: string
  dependencyType: 'Required' | 'Implied' | 'Exclusive'
  description?: string
}

// 权限范围
export interface PermissionScope {
  id: string
  name: string
  displayName: string
  description?: string
  entityType?: string
  entityId?: string
  tenantId?: string
  permissions: string[]
}

// 权限范围分配
export interface PermissionScopeAssignment {
  scopeId: string
  userId?: string
  roleId?: string
  permissionName: string
  isGranted: boolean
}

// 权限请求上下文
export interface PermissionRequestContext {
  userId: string
  userName: string
  tenantId?: string
  tenantName?: string
  roles: string[]
  claims: Record<string, string[]>
  permissions: string[]
  requestTime: string
  ipAddress: string
  userAgent: string
  resource?: string
  action?: string
  context?: Record<string, any>
}

// 权限评估结果
export interface PermissionEvaluationResult {
  isAllowed: boolean
  permissionName: string
  evaluatedPolicies: PolicyEvaluationResult[]
  evaluatedConditions: ConditionEvaluationResult[]
  evaluatedPermissions: string[]
  evaluationTime: string
  context?: Record<string, any>
}

// 策略评估结果
export interface PolicyEvaluationResult {
  policyName: string
  isApplicable: boolean
  isSatisfied: boolean
  evaluatedConditions: ConditionEvaluationResult[]
  action: 'Grant' | 'Deny' | 'None'
}

// 条件评估结果
export interface ConditionEvaluationResult {
  conditionType: string
  property: string
  operator: string
  expectedValue: any
  actualValue: any
  isSatisfied: boolean
  evaluationTime: string
}

// 权限缓存
export interface PermissionCache {
  key: string
  userId: string
  tenantId?: string
  permissions: string[]
  grantedPolicies: Record<string, boolean>
  cacheTime: string
  expiryTime: string
  version: number
}

// 权限配置
export interface PermissionConfiguration {
  maxCacheDuration: number
  enablePermissionCaching: boolean
  enablePolicyEvaluation: boolean
  enableAuditLogging: boolean
  enableUsageStatistics: boolean
  defaultPolicyAction: 'Grant' | 'Deny'
  cacheInvalidationStrategy: 'TimeBased' | 'EventBased' | 'Manual'
}

// 权限导入导出
export interface PermissionExportRequest {
  format: 'Json' | 'Xml' | 'Csv'
  includeSystemPermissions: boolean
  includeDynamicPermissions: boolean
  includeTemplates: boolean
  includeAssignments: boolean
  tenantId?: string
}

export interface PermissionImportRequest {
  file: File
  overwriteExisting: boolean
  importMode: 'Merge' | 'Replace'
  validateOnly: boolean
  tenantId?: string
}

// 权限批量操作
export interface BulkPermissionOperationRequest {
  operation: 'Grant' | 'Revoke' | 'Delete'
  target: 'User' | 'Role' | 'Tenant' | 'Global'
  targetIds: string[]
  permissions: string[]
  providerName?: string
  providerKey?: string
  reason?: string
}

// 权限状态枚举
export enum PermissionStatus {
  Granted = 'Granted',
  Revoked = 'Revoked',
  Pending = 'Pending',
  Expired = 'Expired'
}

// 权限类型枚举
export enum PermissionType {
  System = 'System',
  Business = 'Business',
  Custom = 'Custom',
  Dynamic = 'Dynamic'
}

// 权限级别枚举
export enum PermissionLevel {
  Global = 'Global',
  Tenant = 'Tenant',
  Organization = 'Organization',
  Department = 'Department',
  Team = 'Team',
  Individual = 'Individual'
}

// 角色类型枚举
export enum RoleType {
  System = 'System',
  Tenant = 'Tenant',
  Organization = 'Organization',
  Department = 'Department',
  Custom = 'Custom'
}

// 权限操作类型枚举
export enum PermissionOperationType {
  Create = 'Create',
  Read = 'Read',
  Update = 'Update',
  Delete = 'Delete',
  Execute = 'Execute',
  Manage = 'Manage',
  Admin = 'Admin'
}

// 权限验证模式枚举
export enum PermissionValidationMode {
  Strict = 'Strict',
  Lenient = 'Lenient',
  CacheOnly = 'CacheOnly',
  RealTime = 'RealTime'
}